Aliases: W32/GregCenter, Trojan.Win32.Qrap
Variants: W32/GregCen-A, PE_GREGCENT.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, Australia, North and South America
Removal: Easy
Platform: W32
Discovered: 28 Oct 2004
Damage: Low

Characteristics: A computer system infected by the W32.Gregcenter malware will have executable files with bloated file sizes. The increase in file size is caused by the virus's infection routine, which adds its code at the beginning of the executable file rather than following the usual practice of placing virus code at the end of the file. This results in possible corruption of the entry point code, which prevents the application from launching.

More details about W32.Gregcenter

The W32.Gregcenter malware executes by creating two temporary files, both with an EXE file extension. One is used to store the body of the virus while the other serves as a copy of the original host file. The filenames used for these temporary files usually reference the Windows Host file or the Notepad tool of the operating system. W32.Gregcenter infects only 32-bit executable files, moving the file header down to make room for its own code. According to some antivirus developers, an infected executable file would normally contain the "Nortonscoffer" and "Gregory.GREYCENTER" text strings in its body. W32.Gregcenter will also attempt to make multiple copies of itself in the same directory.

The file naming convention followed by W32.Gregcenter usually involves using the name of the executable file plus a number, or series of numbers, of incrementing value. The appended numerical value is placed before the file extension, which makes it appear as though there are multiple volumes of a single executable file. W32.Gregcenter repeats the same routine until all executable files on all local and mapped hard drives are infected. Upon completion of the infection routine, W32.Gregcenter displays moving colored circles on the screen of the infected machine.
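
A triage sketch built on the two indicators described above, added here as an example and not taken from any antivirus product: it flags EXE files containing the reported text strings and groups numbered sibling copies next to their base file. The function names are hypothetical, the strings are assumed to be stored as plain ASCII, and the sample files are constructed, harmless byte strings.

```python
import re
import tempfile
from pathlib import Path

# Text strings the page reports in infected files; assumed to be plain ASCII.
MARKERS = (b"Nortonscoffer", b"Gregory.GREYCENTER")
NUMBERED = re.compile(r"^(?P<base>.+?)(?P<num>\d+)$")


def find_markers(path):
    """Return the marker strings present anywhere in the file."""
    data = Path(path).read_bytes()
    return [m.decode() for m in MARKERS if m in data]


def numbered_copies(directory):
    """Map each EXE to siblings named <stem><digits>.exe in the same directory."""
    exes = {p.stem.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".exe"}
    groups = {}
    for stem, path in exes.items():
        m = NUMBERED.match(stem)
        if m and m.group("base") in exes:
            groups.setdefault(exes[m.group("base")].name, []).append(path.name)
    return {base: sorted(names) for base, names in groups.items()}


def triage(directory):
    """Report EXE files that carry a marker string, plus numbered-copy groups."""
    exes = sorted(p for p in Path(directory).iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe")
    hits = {p.name: found for p in exes if (found := find_markers(p))}
    return {"marker_hits": hits, "numbered_copies": numbered_copies(directory)}


def demo():
    # Constructed sample files: harmless byte strings, not real executables.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "tool.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"clean")
        (root / "calc.exe").write_bytes(b"MZ..Nortonscoffer..Gregory.GREYCENTER..")
        (root / "calc1.exe").write_bytes(b"MZ..Gregory.GREYCENTER..")
        (root / "calc2.exe").write_bytes(b"MZ..Nortonscoffer..")
        (root / "notes.txt").write_bytes(b"Nortonscoffer")
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

Numbered siblings alone are a weak signal, since legitimate software also ships files named this way; a marker hit in the same group is what makes it worth a closer look.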